29341 Commits

Author SHA1 Message Date
Pedro Igor
9b9f1bfe8c
Fixing flaky test KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP
Closes #42601

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-11 13:44:57 +01:00
Stefan Guilhen
d58a1c1c9a Skip checksum validation for 2.5.0-unicode-oracle, that is preventing migrations when schema name changes
Closes #43564

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
(cherry picked from commit ef3de183dfc21257f7ddc3ff777ddf0118fd92a7)
2025-11-10 15:11:18 -03:00
Pedro Igor
ab93d338e2
The admin roles manage-authorization and view-authorization should have precedence over manage-client when managing authorization settings
Closes #43883

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-11-10 16:41:25 +00:00
Pedro Igor
4c47759545
Fix Admin Console crash when opening Client's Authz Permission details
Closes #44056

Signed-off-by: Bahaa Zaid <bahaa.zaid@pixelogicmedia.com>
Co-authored-by: Bahaa Zaid <bahaazaid@gmail.com>
2025-11-10 16:07:18 +01:00
Steven Hawkins
5819ea2d32
fix: considering source ordinality with spi options (#43805) (#44019)
closes: #43793


(cherry picked from commit 4a63fcffaf99666867789562d4aff492089432e9)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-11-07 13:35:11 +01:00
Stan Silvert
c877c638e2
Only check required field when i18n dialog is open.
Fixes #41271
Fixes #41270


(cherry picked from commit 322cbcdd84b304157ea658801b23f20679b01c40)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2025-11-05 21:29:25 +01:00
Alexander Schwartz
bb9015a1f2
Avoid touching the database layer if no changes are necessary for a user
Closes #43682

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-05 14:42:40 +01:00
Martin Kanis
9ebab2f017 Add rate limiter for sending verification emails in context of update email
Closes #43076

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-11-04 15:16:29 -03:00
Alexander Schwartz
d8055acb45
hide scopes from scopes_supported in discovery endpoint
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: KONSTANTINOS GEORGILAKIS <55974447+cgeorgilakis@users.noreply.github.com>
2025-11-04 14:42:35 -03:00
vramik
2a2f48c0ea Make set credential label use reset-password scope
Closes #43460

Signed-off-by: vramik <vramik@redhat.com>
2025-11-03 19:53:24 -03:00
Tobi
0564876645 Add new indices on offline_client_session
Closes #43566
Closes #43516

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-03 16:07:05 -03:00
Martin Bartoš
013835ec53
ExternalLinksTest is broken due to missing path parameters
Closes #43082

(cherry picked from commit 70a9a600ded0ba9fe04917fef48507bb44e985ec)

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-03 13:00:41 +01:00
Ricardo Martin
5101031516
Ensure the logout endpoint removes the authentication session
Closes #43853


(cherry picked from commit 3b3adcf1e4819bf63e08269142459f747c31cb37)

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-31 18:59:58 +01:00
Alexander Schwartz
34b9ede377
Allow only normalized paths in requests (#43869)
* Allow only normalized paths in requests

Closes #43763

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* Remove the trailing slash for base url in the account and admin tests

Closes #43863

Signed-off-by: rmartinc <rmartinc@redhat.com>
# Conflicts:
#	js/apps/account-ui/test/account-security/linked-accounts.spec.ts

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
2025-10-31 15:57:40 +01:00
Steven Hawkins
4357fc43c7
fix: simplify debug handling and remove the 0.0.0.0 default
* fix: simplify debug handling and remove the 0.0.0.0 default

closes: #43160

* Update quarkus/dist/src/main/content/bin/kc.sh

* removing the ability to specify just the ip

* Apply suggestions from code review

---------

(cherry picked from commit 9e98f2bf961f68853cea6fbec58b512ed8be7ca9)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
2025-10-30 21:20:29 +01:00
Alexander Schwartz
6a4e4abf30
Don't keep an old session to avoid a stable objects and a memory leak
Closes #43761

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-29 17:36:41 -03:00
Alexander Schwartz
15fe032e8d
Resolve session leak in DeclarativeUserProfileProvider
Closes #43785

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-29 17:36:09 -03:00
Ryan Emerson
7b60e54e62
Document debug log settings required to show applied Infinispan configuration
Closes #43655

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-10-29 16:01:53 +01:00
Pedro Igor
0b1a17b82d
Migration step to add the reset-password scope to user resource type resources
Closes #43736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-29 13:30:55 +00:00
Alexander Schwartz
b378499bee
Avoid holding on to the realm in cached configurations
Closes #43744

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-29 08:01:18 -03:00
Ricardo Martin
89dd6127c3
Check offline scope is still assigned when performing a refresh
Closes #43734


(cherry picked from commit e0c1f2ee0fd14ba76338d9c2c213d45d0e857450)

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-29 08:33:23 +00:00
Steven Hawkins
a2c2b7e08f
fix: forcing the namespace for the servicemonitor check
closes: #43774


(cherry picked from commit d9e3f55b69264e45467a752803f0f0665c123607)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-28 17:54:12 +00:00
Alexander Schwartz
781d458b50
Role mapper should check if an update is needed for the role
Closes #43698

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-28 14:53:16 -03:00
Alexander Schwartz
8b253f9e12
Cleaning up threadlocals to prevent (small) memory leak
Closes #43759

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-28 13:10:37 -03:00
Ricardo Martin
29eacdd9d3
Only add the none verifier when attestation conveyance preference is none
Closes #43723


(cherry picked from commit 1bd9a3f4733f80f30111a5e2bad973b85530dc16)

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-28 14:09:09 +00:00
Marco N.
334f403653
Add authorization checks for workflows
Require the "manage-realm" role to perform any operation on a workflow

Closes #43509

Signed-off-by: Marco Neuhaus <m.neuhaus@smf.de>
2025-10-27 17:46:25 +01:00
Pedro Igor
0407446206
Prevent the username field from being rendered when running the identity-first login flow
Closes #43091

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-26 18:45:49 +01:00
Pedro Igor
abd5cd292f
Do not lower-case username and email if users are not imported from LDAP
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-26 17:37:44 +01:00
rmartinc
d415cc1385 DPoP replay check should take clockSkew into account
Closes #43505

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 62f68b2f197e00a7ae5532984c08a42164184301)
2025-10-24 09:30:28 +02:00
Pedro Igor
59b20d1d63
Allow managing realm admin roles if the realm-admin role is granted
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2025-10-23 21:53:17 +02:00
Stian Thorgersen
84fd00c9f7
SPIFFE should support OIDC JWK endpoint (#43651) (#43656)
Closes #43650


(cherry picked from commit f6ac64907d300025c70bbb0ab42a6cacb2730e51)

Signed-off-by: stianst <stianst@gmail.com>
2025-10-23 08:08:31 +02:00
Alexander Schwartz
4ad4ce5d58 Adding this as a breaking change plus deprecation
Closes #43022

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-21 14:55:31 -03:00
Ronaldo Paulino Jiconda
489d10157a Fix OIDC IDP broker basic auth encoding
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.

Closes #26374
Closes #43022

Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2025-10-21 14:55:31 -03:00
Martin Kanis
a321c2c91f Make pending email verification attribute removable by admin
Closes #43351

Signed-off-by: Martin Kanis <mkanis@redhat.com>
(cherry picked from commit 986fdd7341a0f42a59f5eec1bd6c3d5a715f2893)
2025-10-21 08:50:07 -03:00
Alexander Schwartz
7c50d94f14
Make intra-document links work in downstream
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-21 08:16:40 -03:00
Martin Kanis
add43bd394
Final review and update for UPDATE_EMAIL documentation
Closes #42991


(cherry picked from commit 3f70da04f6a9511831e1fe2fd2de304e7e411f60)

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-10-21 12:45:29 +02:00
Steven Hawkins
c0ba2599b1
fix: noting db support level changes (#43549) (#43608)
closes: #43191


(cherry picked from commit 736d4920d70e54b71f293f3b681fbdf51d3cc373)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-21 11:45:06 +02:00
Steven Hawkins
bcc73bc98b
fix: allow for --optimized to receive signals (#43580) (#43610)
* fix: allowing --optimized to terminate gracefully

closes: #43561

* Update quarkus/dist/src/main/content/bin/kc.sh

---------

(cherry picked from commit 3b7f364b4fa1b3265b89924f666886654cbd933d)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2025-10-20 13:47:15 -04:00
Stan Silvert
3419734bf5
Handle options component with no value set. (#43548)
Fixes #43244


(cherry picked from commit afd4d04dcf69c96e92a77a032e2ab8fbcaa705e8)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2025-10-20 08:06:49 -04:00
mposolda
c318afb5c5 Possible overflow in brute force computation
closes #30939

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit a2cc51aed7692ec09c619f2a6f4ecc7055beb9e1)
2025-10-16 17:11:36 +02:00
Giuseppe Graziano
e5e4e804f3
Update changes.adoc to include changes-26_4_1.adoc
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-10-16 10:49:46 +02:00
Giuseppe Graziano
a340941007
Invalidate sessions created with remember me when remember me is disabled for realm
Closes #43328


(cherry picked from commit bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b)

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-10-15 19:08:05 +00:00
vramik
89c960cd4e Fix scope interference
Closes #40965

Signed-off-by: vramik <vramik@redhat.com>
2025-10-15 14:32:46 -03:00
Steven Hawkins
f860491397
fix: refining activation condition error handling
closes: #43096


(cherry picked from commit 43ee41e8a82fc7f326cc74df462fe44a5f95de61)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-15 13:31:20 +00:00
Pedro Ruivo
bb91dbf7ee
Client session may be lost during session restart
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-15 15:20:45 +02:00
Alexander Schwartz
7f17393b52
Use quoted values for boolean and number values in Operator examples
Closes #43459

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-14 13:28:28 -04:00
Steven Hawkins
329b22ad35
fix: refining https-protocols documentation (#43420) (#43462)
closes: #43164
(cherry picked from commit 700b86fad85c17d90cc133013e5704e760f30686)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-14 17:08:26 +00:00
Stian Thorgersen
464f635dc4
Fix SPIFFE client authentication when iss claim is included
Closes #43394

(cherry picked from commit 5c5905fed3eb3285a8183259035b8c71b26e2135)

Signed-off-by: stianst <stianst@gmail.com>
2025-10-14 15:43:05 +00:00
Alexander Schwartz
4c1a1dee48
JDBC_PING publishes its physical address on startup
Closes #43357

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-14 09:59:57 +01:00
mposolda
272d2fc66d Minor UI fixes on 'Keys' tab of SAML client
closes #43304

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit a77c4a6ad2ddb820f2ae9fa57c72924973d5bf99)
2025-10-13 17:35:42 +02:00